Crypto backup and key escrow
David Paul Maher 

March 1996 Communications of the ACM, Volume 39 Issue 3 
Publisher: ACM Press 

Full text available: pdf(498.27 KB) Additional Information: full citation, references, citings, index terms



2 A taxonomy for key escrow encryption systems 
Dorothy E. Denning, Dennis K. Branstad 
March 1996 Communications of the ACM, volume 39 issue 3 
Publisher: ACM Press 

Full text available: pdf(548.67 KB) Additional Information: full citation, citings, index terms, review




3 The Q key management service 

Michael K. Reiter, Matthew K. Franklin, John B. Lacy, Rebecca N. Wright 
January 1996 Proceedings of the 3rd ACM conference on Computer and
communications security CCS '96
Publisher: ACM Press 

Full text available: pdf(1.37 MB) Additional Information: full citation, references, citings, index terms




Securing wireless applications: ESCORT: a decentralized and localized access
control system for mobile wireless access to secured domains
Jiejun Kong, Shirshanka Das, Edward Tsai, Mario Gerla 

September 2003 Proceedings of the 2003 ACM workshop on Wireless security WiSe '03

Publisher: ACM Press 

Full text available: pdf(401.72 KB) Additional Information: full citation, abstract, references, citings, index terms

In this work we design and implement ESCORT, a backward compatible, efficient, and 
secure access control system, to facilitate mobile wireless access to secured wireless 
LANs. In mobile environments, a mobile guest may frequently roam into foreign domains 
while demanding critical network services. ESCORT provides instant yet secure access to
the mobile guest based on the concept of "escort", which refers to a special network 
object with four distinct properties: (1) T ... 

Keywords: decentralized access control, identity privacy, location privacy, mobile 
privacy, wireless security 



5 Identification control: Owner-controlled information 
Carrie Gates, Jacob Slonim 

August 2003 Proceedings of the 2003 workshop on New security paradigms NSPW 
'03 

Publisher: ACM Press 

Full text available: pdf(1.06 MB) Additional Information: full citation, abstract, references

Information about individuals is currently maintained in many thousands of databases, 
with much of that information, such as name and address, replicated across multiple 
databases. However, this proliferation of personal information raises issues of privacy for 
the individual, as well as maintenance issues in terms of the accuracy of the information. 
Ideally, each individual would own, maintain and control his personal information, 
allowing access to those who needed at the time it was needed. 0 ... 

Keywords: architecture, privacy, security 



How to break fraud-detectable key recovery
Birgit Pfitzmann, Michael Waidner 

January 1998 ACM SIGOPS Operating Systems Review, volume 32 issue 1
Publisher: ACM Press 

Full text available: pdf(417.38 KB) Additional Information: full citation, abstract, index terms

Fraud detection for software key recovery schemes means that, without knowing the 
session key, a third party can verify whether the correct session key could be recovered. 
This concept and a construction by so-called binding data was introduced by Verheul et al. 
at Eurocrypt '97 to provide for dishonest users that make simple modifications to 
messages, e.g., delete the key recovery information, and manipulate the recipient's 
software such that it decrypts messages even if the key recovery inform ... 

An authorization model for a public key management service 
Pierangela Samarati, Michael K. Reiter, Sushil Jajodia 

November 2001 ACM Transactions on Information and System Security (TISSEC),
Volume 4 Issue 4
Publisher: ACM Press 

Full text available: pdf(337.73 KB) Additional Information: full citation, abstract, references, citings, index terms, review

Public key management has received considerable attention from both the research and 
commercial communities as a useful primitive for secure electronic commerce and secure 
communication. While the mechanics of certifying and revoking public keys and escrowing 
and recovering private keys have been widely explored, less attention has been paid to 
access control frameworks for regulating access to stored keys by different parties. In this 
article we propose such a framework for a key management ser ... 

Keywords: Access control, authorizations specification and enforcement, public key 
infrastructure 
Inside Risks: Digital evidence
David WJ Stringer-Calvert 

April 2002 Communications of the ACM, volume 45 issue 4 
Publisher: ACM Press 

Full text available: pdf(95.78 KB) Additional Information: full citation, index terms



Unlinkable serial transactions: protocols and applications 
Stuart G. Stubblebine, Paul F. Syverson, David M. Goldschlag 

November 1999 ACM Transactions on Information and System Security (TISSEC),
Volume 2 Issue 4

Publisher: ACM Press 

Full text available: pdf(184.87 KB) Additional Information: full citation, abstract, references, citings, index terms, review

We present a protocol for unlinkable serial transactions suitable for a variety of
network-based subscription services. It is the first protocol to use cryptographic blinding to enable
subscription services. The protocol prevents the service from tracking the behavior of its 
customers, while protecting the service vendor from abuse due to simultaneous or cloned 
use by a single subscriber. Our basic protocol structure and recovery protocol are robust 
against failure in protocol termination. ... 

Keywords: anonymity, blinding, cryptographic protocols, unlinkable serial transactions



The network society as seen by two European underdogs
Andrea Monti 

April 2000 Proceedings of the tenth conference on Computers, freedom and privacy: 
challenging the assumptions CFP '00

Publisher: ACM Press 

Full text available: pdf(61.06 KB) Additional Information: full citation, index terms



Risks to the public in computers and related systems
Peter G. Neumann 

May 1998 ACM SIGSOFT Software Engineering Notes, volume 23 issue 3 
Publisher: ACM Press 

Full text available: pdf(789.30 KB) Additional Information: full citation, index terms



12 The economics of information security investment

Lawrence A. Gordon, Martin P. Loeb 
November 2002 ACM Transactions on Information and System Security (TISSEC),
Volume 5 Issue 4 

Publisher: ACM Press 

Full text available: pdf(461.31 KB) Additional Information: full citation, abstract, references, citings, index terms, review

This article presents an economic model that determines the optimal amount to invest to 
protect a given set of information. The model takes into account the vulnerability of the 
information to a security breach and the potential loss should such a breach occur. It is 
shown that for a given potential loss, a firm should not necessarily focus its investments 
on information sets with the highest vulnerability. Since extremely vulnerable information 
sets may be inordinately expensive to protect, a f
Keywords: Optimal security investment 



13 COCA: A secure distributed online certification authority 
Lidong Zhou, Fred B. Schneider, Robbert Van Renesse 

November 2002 ACM Transactions on Computer Systems (TOCS), volume 20 issue 4 
Publisher: ACM Press 

Full text available: pdf(448.28 KB) Additional Information: full citation, abstract, references, citings, index terms

COCA is a fault-tolerant and secure online certification authority that has been built and 
deployed both in a local area network and in the Internet. Extremely weak assumptions 
characterize environments in which COCA's protocols execute correctly: no assumption is 
made about execution speed and message delivery delays; channels are expected to 
exhibit only intermittent reliability; and with 3t + 1 COCA servers up to t may be faulty or 
compromised. COCA is the first system to integr ... 

Keywords: Byzantine quorum systems, Certification authority, denial of service, 
proactive secret-sharing, public key infrastructure, threshold cryptography 

14 Risks to the public in computers and related systems 
Peter G. Neumann 

January 1997 ACM SIGSOFT Software Engineering Notes, volume 22 issue 1 
Publisher: ACM Press 

Full text available: pdf(809.47 KB) Additional Information: full citation, index terms